Alert GCSA-25102 - Multiple vulnerabilities in QNAP NAS
******************************************************************
Alert ID: GCSA-25102
Date: 01 September 2025
Title: Multiple vulnerabilities in QNAP NAS
******************************************************************
:: Problem description
Multiple vulnerabilities have been identified in QNAP NAS devices
that could allow a remote attacker to trigger
Denial of Service conditions, disclose sensitive information,
execute arbitrary code and manipulate data on an affected system.
:: Affected software
QTS 5.2.x
QuTS hero h5.2.x
:: Impact
Remote Code Execution
Denial of Service
Information Disclosure
Data Manipulation
:: Solutions
Update the systems to the latest released versions:
https://www.qnap.com/en/security-advisory/qsa-25-21
https://www.qnap.com/en/security-advisory/qsa-25-23
:: References
QNAP Security Advisory:
https://www.qnap.com/en/security-advisory/qsa-25-21
https://www.qnap.com/en/security-advisory/qsa-25-23
Mitre CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38439
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38440
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38441
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30264
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30267
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30268
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30271
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30272
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30273
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30274
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-33032
GARR CERT Security Alert - subscribe/unsubscribe:
https://www.cert.garr.it/alert/ricevi-gli-alert-di-cert